Set-AzureADKerberosServer : Failed to connect to domain error

Question

Set-AzureADKerberosServer : Failed to connect to domain error

Philipp Foeckeler 1

Hi all,

I try to create the Kerberos Server object for a FIDO scenario in Hybrid AzureAD (described here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises#create-kerberos-server-object.

I run (as Enterprise Admin) the Set-AzureADKerberosServer on an AADC server in a root domain, the Kerberos object should be created in a child domain from the root. Error shows up:

Set-AzureADKerberosServer : Failed to connect to domain: childdomain.example.com

The AADC has the usual open ports to this child domain like LDAP/Kerberos/RPC High Ports etc. .... are there other specific network requirements for this commandlet?

Thx,
Philipp

Siva-kumar-selvaraj 15,736 Reputation points Volunteer Moderator

2021-11-02T12:52:27.307+00:00

Hello @Philipp Foeckeler ,

I just wanted to check in and see if you had any other questions or if you were able to resolve this issue? If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

---
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

2 answers

Your answer

Siva-kumar-selvaraj 15,736 Reputation points Volunteer Moderator

2021-11-02T12:52:27.307+00:00

Hello @Philipp Foeckeler ,

I just wanted to check in and see if you had any other questions or if you were able to resolve this issue? If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

---
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Answer 1

Hello @Philipp Foeckeler ,

Thanks for reaching out.

Could you please try using respective child-domain's Domain Administrator username and password in which the value of the sAMAccountName attribute is unique instead enterprise Admin from root domain. Please let us know behavior because I think this possibly related to https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/user-name-pwd-incorrect#resolution

Hope this helps.

------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

Foeckeler, Philipp 1

Hello sikumars-msft, many thanks for helping.

unfortunately, I got the same error when I tried a domain admin from the subdomain (with a unique sAMAccountName). As I run these commands on the AADC server (which runs on the forest root domain), does it make sense to copy the module files to a server in this subdomain and run the command there? Or does it need to be on the AADC ?

Thank you and kind regards,
Philipp

Siva-kumar-selvaraj 15,736 Reputation points Volunteer Moderator

2021-11-11T05:20:19.9+00:00

This would need further troubleshooting to isolate the issue hence I would recommend to reach out to MS support. If you don't have MS support plan then I can help you with one-time free support. Thanks.
Foeckeler, Philipp 1 Reputation point

2021-11-11T08:48:54.193+00:00

Thank you a lot for the offer! I can open a support ticket. First, I will try to run the cmdlet on a memberserver in the subdomain - because I learned from the newest version on the article (https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises) that there is no need any more to have AADC installed - just install the new AzureADHybridAuthenticationManagement module. I will try that as a subdomain admin, i will let you know the results :)
Siva-kumar-selvaraj 15,736 Reputation points Volunteer Moderator

2021-11-11T12:15:50.517+00:00

Thanks for the update. Sure, let me know the outcome.

Share via

Set-AzureADKerberosServer : Failed to connect to domain error

2 answers

Your answer